Hello list,
are there any considerations about using tls-subcerts also with other
certificate types than X509?
Especially RFC7250 (Raw Public Key) would raise the question, how to
handle certificate types, which don't carry a "notBefore". Maybe a
default value can be used.
I created https://github.com/tlswg/tls-subcerts/issues/107
best regards
Achim Kraus
Am 10.05.22 um 02:37 schrieb [email protected]:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.
Title : Delegated Credentials for (D)TLS
Authors : Richard Barnes
Subodh Iyengar
Nick Sullivan
Eric Rescorla
Filename : draft-ietf-tls-subcerts-13.txt
Pages : 17
Date : 2022-05-09
Abstract:
The organizational separation between operators of TLS and DTLS
endpoints and the certification authority can create limitations.
For example, the lifetime of certificates, how they may be used, and
the algorithms they support are ultimately determined by the
certification authority. This document describes a mechanism to to
overcome some of these limitations by enabling operators to delegate
their own credentials for use in TLS and DTLS without breaking
compatibility with peers that do not support this specification.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/
There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-13
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-subcerts-13
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
